package com.coconet.gas.config;


import com.coconet.gas.jwt.Filter.JwtAuthenticationTokenFilter;
import com.coconet.gas.security.Handler.EntryPointUnauthorizedHandler;
import com.coconet.gas.security.Handler.RestAccessDeniedHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	private UserDetailsService userDetailsService;
	private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
	private EntryPointUnauthorizedHandler entryPointUnauthorizedHandler;
	private RestAccessDeniedHandler restAccessDeniedHandler;
	private PasswordEncoder passwordEncoder;

	@Autowired
	public WebSecurityConfig(UserDetailsService userDetailsService, JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter, EntryPointUnauthorizedHandler entryPointUnauthorizedHandler, RestAccessDeniedHandler restAccessDeniedHandler) {
		this.userDetailsService = userDetailsService;
		this.jwtAuthenticationTokenFilter = jwtAuthenticationTokenFilter;
		this.entryPointUnauthorizedHandler = entryPointUnauthorizedHandler;
		this.restAccessDeniedHandler = restAccessDeniedHandler;
		this.passwordEncoder = new BCryptPasswordEncoder();
	}
	@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}

//   @Bean
//   public JwtAuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
//       JwtAuthenticationTokenFilter authenticationTokenFilter = new JwtAuthenticationTokenFilter();
//       authenticationTokenFilter.setAuthenticationManager(authenticationManagerBean());
//       return authenticationTokenFilter;
//   }



	@Autowired
	public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
		authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(passwordEncoder);
//
	}

	@Override
	protected void configure(HttpSecurity httpSecurity) throws Exception {
		httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
				.and().authorizeRequests()
				.antMatchers("/swagger**/**").permitAll()
				.antMatchers("/webjars/**").permitAll()
				.antMatchers("/v2/**").permitAll()
				.antMatchers("/csrf/**").permitAll()
				.antMatchers("/topic/**").permitAll()
				.antMatchers("/websocket/**").permitAll()
				.antMatchers("/user/login").permitAll()
				.antMatchers("/api/user/login").permitAll()
				.antMatchers("/druid/**").permitAll()
				.anyRequest().authenticated()
				.and().headers().cacheControl();
		httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
		httpSecurity.exceptionHandling().authenticationEntryPoint(entryPointUnauthorizedHandler).accessDeniedHandler(restAccessDeniedHandler);

		/**
		 * 本次 json web token 权限控制的核心配置部分
		 * 在 Spring Security 开始判断本次会话是否有权限时的前一瞬间
		 * 通过添加过滤器将 token 解析，将用户所有的权限写入本次 Spring Security 的会话
		 */



	}
}
